2 Million-Strong ZeroAccess Botnet Disrupted by Microsoft and Law Enforcement

Microsoft, the FBI, Europol and A10 Networks have disrupted the ZeroAccess (Sirefef) P2P ad fraud botnet. ZeroAccess is believed to use up to 800,000 of a total of two million infected PCs at any one time, mostly in the US and Europe, and to be capable of stealing $2.7 million from online advertisers every month.

ZeroAccess, explained Europol in an announcement late last night, "is used to commit a slew of crimes including search hijacking, which ‘hijacks’ people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks. Zeroaccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated web traffic and other criminal activity."

ZeroAccess is a P2P-controlled botnet. Rather than taking instructions from a single central C&C server (relatively easy to take down), it is controlled via an infrastructure of tens of thousands of PCs (almost impossible to take down). Nevertheless, the operation led by the Microsoft Digital Crimes Unit in the US and supported by coordinated Europol action in Europe is likely to inflict serious disruption on the botnet.